sam-faces

Security checks across malware telemetry and agentic risk

Overview

This skill openly provides local face recognition, but it automatically identifies people in photos and retains face-related data without enough consent or retention controls.

Review before installing. Use this only in workspaces where local biometric recognition is acceptable, and avoid processing photos of people who have not agreed to be identified or enrolled. Check and periodically delete the workspace face database and unknown-face crops if you do not want retained biometric data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill explicitly instructs the agent to automatically save user-shared images to a temp path and run face identification, but it does not require any user notice or consent for biometric processing or for local storage of face-related data. Because face recognition and identity memory involve sensitive biometric information, silent processing and storage increase privacy risk and can surprise users who intended to share an image for general understanding rather than identity analysis.

Natural-Language Policy Violations

High
Confidence: 98%
Finding
The skill directs automatic identity recognition whenever a user sends a photo, treating image sharing as implied consent for biometric identification. In context, this is more dangerous because the skill is specifically designed to build persistent identity memory and inject recognized identities into LLM context, enabling unannounced profiling, misidentification harms, and disclosure of who appears in images without explicit permission from the user or the depicted individuals.

VirusTotal

65/65 vendors flagged this skill as clean.
